Website
Optimisation
Support
Training
Blog
db8
Portfolio
Reviews
Contact
Joomla 4.4.7 - Security Release
On Tuesday 20 August 2024, Joomla 4.4.7 was released. This version contains important security updates and bug fixes. The security update may affect 3rd party plugins, which should therefore be checked. Note: In this update, an issue was introduced with pagination in Smart Search and Archived Articles.
Solved security issues
Some XSS (Cross-Site Scripting) security flaws have been discovered in Joomla, which are fixed with this security release. XSS is a security flaw in which an attacker can insert malicious scripts into content. If those scripts are executed on the website, attackers can steal sensitive information, take over user accounts or perform other malicious actions. This XSS security flaw can only be exploited by attackers if they have write access to the website. As additional security, you can use Joomla's default HTTP Headers plugin that defuses any malicious scripts.
Furthermore, the update fixes a ‘Cache Poisoning in Pagination’ issue. Cache Poisoning is a cyber attack in which a malicious person manipulates information stored in a cache (a temporary storage area). Joomla's pagination, the navigation at the bottom of the page to navigate to the next page, could be manipulated. After this update, only predefined parameters can be used. This could cause problems with 3rd-party plugins that also need to fix the potential issue in their code.
NB: This update introduced a new issue with pagination in Smart Search and Archived Articles.
A new patch is likely to follow soon.
Solved issues
- [20240805] - Core - XSS vectors in Outputfilter::strip* methods
- [20240804] - Core - Improper ACL for backend profile view
- [20240803] - Core - XSS in HTML Mail Templates
- [20240802] - Core - Cache Poisoning in Pagination
- [20240801] - Core - Inadequate validation of internal URLs
Fixed bugs
A detailed overview of the resolved bugs is available on Joomla's official GitHub repository: https://github.com/joomla/joomla-cms/milestone/129?closed=1
Joomla 4.4.7 does not introduce any new features. It only ensures good preparation for future upgrades from Joomla 4.x to Joomla 5.x. This release contains critical updates that ensure users can upgrade to the latest versions of the CMS without any hassle.
If you are currently using Joomla 4.x, it is highly recommended to upgrade to Joomla 4.4.7 for the improved upgrade capabilities.
Are you looking for support updating or migrating to Joomla 4.4.7? Please contact us.
